#!/usr/bin/perl
use Test::More;

BEGIN {
    $basedir = $0;
    $basedir =~ s|(.*)/[^/]*|$1|;

    # allow info to be shown during tests
    $v = $ARGV[0];
    if ($v) {
        if ( $v ne "-v" ) {
            plan skip_all => "Invalid option (use -v)";
        }
    }
    else {
        $v = " ";
    }

    plan tests => 8;
}

print "Test finit_module(2)\n";
$result = system
"runcon -t test_kmodule_t $basedir/finit_load $v $basedir setest_module_request";
ok( $result eq 0 );

# Deny capability { sys_module } - EPERM
$result = system
"runcon -t test_kmodule_deny_sys_module_t $basedir/finit_load $v $basedir setest_module_load 2>&1";
ok( $result >> 8 eq 1 );

# Deny system { module_load } - EACCES
$result = system
"runcon -t test_kmodule_deny_module_load_t $basedir/finit_load $v $basedir setest_module_load 2>&1";
ok( $result >> 8 eq 13 );

# Deny system { module_request } - EACCES
$result = system
"runcon -t test_kmodule_deny_module_request_t $basedir/finit_load $v $basedir setest_module_request 2>&1";
ok( $result >> 8 eq 13 );

print "Test init_module(2)\n";
$result = system
"runcon -t test_kmodule_t $basedir/init_load $v $basedir setest_module_request";
ok( $result eq 0 );

# Deny capability { sys_module } - EPERM
$result = system
"runcon -t test_kmodule_deny_sys_module_t $basedir/init_load $v $basedir setest_module_load 2>&1";
ok( $result >> 8 eq 1 );

# Deny system { module_load } - EACCES
$result = system
"runcon -t test_kmodule_deny_module_load_t $basedir/init_load $v $basedir setest_module_load 2>&1";
ok( $result >> 8 eq 13 );

# Deny system { module_request } - EACCES
$result = system
"runcon -t test_kmodule_deny_module_request_t $basedir/init_load $v $basedir setest_module_request 2>&1";
ok( $result >> 8 eq 13 );

exit;
